From owner-freebsd-questions@freebsd.org Tue Mar 27 17:24:05 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0CB07F6D606 for ; Tue, 27 Mar 2018 17:24:05 +0000 (UTC) (envelope-from freebsd-lists@gromit.dlib.vt.edu) Received: from gromit.dlib.vt.edu (gromit.dlib.vt.edu [128.173.126.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "gromit.dlib.vt.edu", Issuer "Chumby Certificate Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 9D65273864 for ; Tue, 27 Mar 2018 17:24:04 +0000 (UTC) (envelope-from freebsd-lists@gromit.dlib.vt.edu) Received: from mather.chumby.lan (c-98-244-101-97.hsd1.va.comcast.net [98.244.101.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gromit.dlib.vt.edu (Postfix) with ESMTPSA id C51C3245; Tue, 27 Mar 2018 13:24:03 -0400 (EDT) From: Paul Mather Message-Id: Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) Subject: Re: ipmitool and SuperMicro SYS-5027R-WRF Date: Tue, 27 Mar 2018 13:24:02 -0400 In-Reply-To: <20180327160355.GC25402@mailboy.kipshouse.net> Cc: byrnejb@harte-lyne.ca, freebsd-questions@freebsd.org To: Karl Young References: <20180327160355.GC25402@mailboy.kipshouse.net> X-Mailer: Apple Mail (2.3445.5.20) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Mar 2018 17:24:05 -0000 On Mar 27, 2018, at 12:03 PM, Karl Young wrote: > Paul Mather(freebsd-lists@gromit.dlib.vt.edu)@2018.03.27 09:58:47 = -0400: > ... >> The above works well enough for me to get a SOL connection using = ipmitool as well as providing a system console via SOL. I did recently = have an issue, but that concerned my having changed the IPMI ADMIN = password to something that was too long: even though the password change = seemed to work, authentication failed because the password had been = silently truncated at the Supermicro side to something shorter. :-( >>=20 >=20 > If anyone else is curious, the max password length seems to be 20: >=20 > https://www.supermicro.com/support/faqs/faq.cfm?faq=3D16778 = Hmm... that's odd, because my password was exactly 20 characters. It = would only accept it if I entered the first 19 characters. What actually happened was that the longer password had worked. Then, = for some reason, it no longer worked. I figured maybe some BIOS or IPMI = firmware update had messed up something, so I reset it back to = ADMIN/ADMIN. That worked for logging in, but when I reset it back to = the original 20-character password I could no longer log in. After a = little bit of trial and error, I discovered that entering the first 19 = characters worked, so maybe it truncated it to 19 when I changed it? > That's a long password. {-; At $WORK we recently adopted the Stanford model for passwords whereby = the longer they are the less "complexity rules" attach to them. For = example, shorter passwords require an upper and lower case character; = number; and special character to be part of the password. Once you get = to 20+ characters in your password you can pretty much use whatever = characters you like, without having to make sure you include certain = characters: you could have a passphrase of all lower case characters at = that point if you wanted. This is to encourage people to use longer = passwords, which are more difficult to brute-force. Cheers, Paul. PS: Thanks for the link to the password length FAQ entry.